Here's the The Lowdownfrom DN Journal,
updated dailyto
fill you in on the latest buzz going around the domain name industry.

The Lowdown is
compiled by DN Journal Editor & Publisher Ron
Jackson.

Major
Domain Hijacking Alert: Industry Pioneer Warren
Weitzman Has Over a Dozen Domains Stolen From
his Enom Account

Warren
Weitzman's worst nightmare has just come true.Weitzman
has been in the domain game since 1994 and
oldtimers in the industry know him as one of the
pioneers in the business. Weitzman is a quiet
guy who has never been interested in the
spotlight, but as the victim of a major
domain hijacking he is speaking up now with
the hope that the publicity will lead to the
return of his domains and prevent problems for
others who might unknowingly buy the stolen
names and lose their investment. Weitzman is
also trying to find out how the theft
happened and he believes the break-in could
have occurred as high as the registry level at Verisign.

Weitzman
first learned something was wrong on
Thursday when Rick Waters, who is
developing Adios.com for
Weitzman's company, called to tell him
that suddenly Adios.com had stopped
resolving at the assigned DNS.
"I immediately went into my
account at Enom and saw that Adios.com
was there, still locked, with the same
normal email for me, and everything
appeared to be fine," Weitzman
said. "But when I did a WhoIs
lookup at DomainTools it showed a
ĎJohn Thalackerí as the
registrant, 000domains as the
registrar, and fastpark.net as
the dns and lander, plus a phone number
that didnít work." (Editor's
note: John Thalacker is a veteran
domainer whose name was apparently
picked at random by the thief for the
false WhoIs info on this domain. So John
is also being victimized by the
criminal).

"I
immediately called Enom, emailed them
transfer-

Warren
Weitzmandomain
hijacking victim

disputes
and inquired how the
domain could be in my account while
showing another owner in the public
record simultaneously. I
alerted everyone I knew, but no one
could understand how this could happen,'
Weitzman said.

"After
contacting Enom, we learned that all of
the domains were still locked but
Adios.com was no longer in Enom's
database. It had been transferred
out. How could this happen without a
notifying email, EPP, without a hack at
the Verisign level or some kind of
cooperation from Enom? We also
found that other domains had been
transferred out to the same DNS (fastpark.net)
and those names now showed various registrant
information (mostly privacy WhoIs),"
Weitzman said.

Weitzman
said the initial list of names
taken from two different accounts he has
at Enom includes these domains:

"All
of these names showed in Enomís
transfer-out report as moving over the
last 2 weeks, Sou.com being the first,
moving on the 8th of July,"
Weitzman said. "While I received a
response from the transfer-dispute
department at Enom, there has been no
explanation nor any guess as to how this
could happen."

Even
worse, the string of thefts
did not end there. Weitzman
said, "This morning we
noticed two more of our
best names, Before.com
and Even.com, were moved
to Directi overnight with
Privacy WhoIs. These domains
were both locked and using my
primary email as contact
information. I have had
them since 1995.
Even after changing
passwords on these
accounts, the domains
continue to disappear.
How could someone even know my
login/username for these
accounts, let alone
passwords? This is why we
think the error or hack has
taken place at Verisign -
domains are showing in both
registrars at the same time,
there are no email notifications
or EPP code requests,"
Weitzman said.

"I
am wondering if anyone else has
had this experience with Enom or
knows whether Verisign has been
hacked. We cannot understand
how

this
could happen, right under our
watchful eyes, and may still
be going on. Enom claims to
have locked down my accounts
from further domain movement and
to have contacted the gaining
registrars," Weitzman said.
"They said they will notify
me when they hear back from the
registrars who hold the names
now."

Meanwhile,
some of the names that have already been
taken from Weitzman's account continue
to move (a common situation with stolen
domains). "We noticed that Sou.com,
the first of the hijacked domains, was transferred
again, this time to NamesDirect
as registrar and again, fastpark.net as
the lander and another private Whois,"
Weitzman said. "I hope that by
publicizing this, we can find out if
anyone else has had this experience and
what the resolution might be. It
is also our hope that no one will
purchase any of these names,"
Weitzman added.

If
you have any information that could help
Warren recover his stolen domains, you
can send it to Warren at Warren.com.
We will follow up with new developments
as they occur.

We need your help to keep giving domainers The
Lowdown, so please email editor@dnjournal.comwith any interesting information you might have. If possible,
include the source of your information so we can check it out (for
example a URL if you read it in a forum or on a site
elsewhere).